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ABSTRACT : 

A method for anti-piracy protection of a software application by obfuscation of the 
execution of portions of the applications code is described. The method comprises 
providing a language specification and library to implement the functions of the 
language, providing a compiler to translate the language into byte codes, and 
providing an interpreter to execute the byte codes using the library. The method 
further comprises providing the language specifications, library, compiler, 
interpreter, and instructions to a software publisher, wherein the software 
publisher embeds the library and interpreter in the application to be protected, 
and selects and prepares application code segments for processing into byte codes 
by the compiler. The application is then executed using the embedded library and 
interpreter, wherein the execution of the application is obfuscated by the use of 
byte codes. A further aspect of the invention is to provide the compiler, 
interpreter, and library functions on a secure server, giving the language 
specification and only limited instructions to the publisher for preparation of the 
application for protection processing, for the purpose of preventing a hacker from 
studying the operation of the toolset. 
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ABSTRACT : 

Media content is associated with households using smart cards. The media content is 
encrypted and/or decrypted based on a household identifier corresponding to a smart 
card. Media content is encrypted such that it can only be decrypted with the same 
(or similar) smart card. Thus, the encrypted media content can be safely 
transferred within a computing device, stored, transferred to other computing 
devices, etc. because it cannot be decrypted without the smart card. 
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ABSTRACT: 

A system for preventing accurate disassembly of computer code. Such code masking, 
referred to as " obf uscation, " is useful to prevent unwanted parties from making 
copies of an original author's software, obtaining valuable information from the 
software for purposes of breaking into a program, stealing secrets, making 
derivative works, etc. The present invention uses assembly- language instructions so 
as to confuse the disassembler to produce results that are not an accurate 
representation of the original assembly code. In one embodiment, a method is 
provided where an interrupt, or software exception instruction, is used to mask 
several subsequent instructions. The instruction used can be any instruction that 
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causes the disassembler to assume that one or more subsequent words, or bytes, are 
associated with the instruction. The method, instead, jumps directly to the bytes 
assumed associated with the instruction and executes those bytes for a different 
purpose. A preferred embodiment works with a popular Microsoft "ASM" assembler 
language and "DASM" disassembler. The instructions used to achieve the obfuscation 
include "INT" instructions. Using this approach up to 17 bytes of obfuscation can 
be achieved with five instructions. Each instruction remains obfuscated until 
executed and returns to an obfuscated state afterwards. 

1 Claims, 2 Drawing figures 
Exemplary Claim Number: 1 
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ABSTRACT : 

A system for secure delivery of on-demand content over broadband access networks 
utilizes a pair of servers and security mechanisms to prevent client processes from 
accessing and executing content without authorization. A plurality of encrypted 
titles are stored on a content server coupled to the network. An access server also 
coupled to the network contains the network addresses of the titles and various 
keying and authorization data necessary to decrypt and execute a title. A client 
application executing on a user's local computer system is required to retrieve the 
address, keying and authorization data from the access server before retrieving a 
title from the content server and enabling execution of the title on a user's local 
computer system. 



3 9 Claims, 23 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 22 
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ABSTRACT : 



A system and method of generating index information for electronic documents. The 
system includes a client, one or more information retrieval (IR) engines, such as a 
search engine, which are each in communication with each other via a network. In 
one embodiment of the invention, the server maintains a plurality or data objects 
that are protected by digital rights management (DRM) software. Upon receiving a 
network request from one of the IR systems, the server dynamically generates an 
electronic document that provides index information that is associated with one of 
the data objects. In one embodiment of the invention, the server dynamically 
generates the contents of the electronic document based upon the indexing 
characteristics of the IR system. Furthermore, upon receiving a network request 
from one of the client, the server determines whether the client is authorized to 
access the data object that is associated with the network request. If the client 
is authorized to access the data object, the server transmits the data object to 
the user. Alternatively, if the client is not authorized to access the data object, 
the server dynamically prepares instructions to the client, the instructions 
describing additional steps the user at the client may perform to get authorized to 
access the data object. 

12 Claims, 17 Drawing figures 
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ABSTRACT: 

Methods and apparatuses for obfuscating computer instruction streams. In one aspect 
of the invention, an exemplary method includes breaking each of at least two 
operative instruction streams into a plurality of parts and interleaving the parts 
into a new instruction stream. In another aspect of the invention, an exemplary 
method includes breaking each of at least two operative instruction streams into a 
plurality of parts and interleaving the parts with obfuscation codes into a new 
instruction stream. The obfuscation codes interrelate the parts from different 
instruction streams to prevent reversal of interleaving. 

59 Claims, 11 Drawing figures 
Exemplary Claim Number: 31 
Number of Drawing Sheets: 11 



Classification 



i iv- - - . „ 



□ 29. Document ID: US 6643775 Bl 

L44: Entry 29 of 38 



File: USPT 



Nov 4, 2003 



US- PAT-NO: 6643775 

DOCUMENT- IDENTIFIER: US 6643775 Bl 

TITLE: Use of code obfuscation to inhibit generation of non-use-restricted versions 
of copy protected software applications 

DATE-ISSUED: November 4, 2003 



INVENTOR- INFORMATION : 
NAME 

Granger; Mark J. 
Smith; Cyrus E. 
Hoffman; Matthew I. 



CITY 
Azusa 
Monrovia 
South Pasadena 



STATE 
CA 
CA 
CA 



ZIP CODE 



COUNTRY 



US -CL- CURRENT: 713/190; 380/255, 380/268, 726/26 
ABSTRACT: 



http://jupiter2:9000Mn/gate.^ 5/31/2007 



Record List Display 



Page 16 of 24 



Three methods are disclosed for protecting software applications from unauthorized 
distribution and use (piracy) . The first method involves using values generated by 
a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
values returned by the ESD, and the user data is later decrypted using like values 
returned by a software- implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 

48 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 11 
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a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
values returned by the ESD, and the user data is later decrypted using like values 
returned by a software -implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 



50 Claims, 14 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 11 
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ABSTRACT : 

Three methods are disclosed for protecting software applications from unauthorized 
distribution and use (piracy). The first method involves using values generated by 
a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data 
(such as a file) that is generated and used by the application. In a preferred 
embodiment, the user data is encrypted (such as during a write to memory) using 
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values returned by the ESD, and the user data is later decrypted using like values 
returned by a software -implemented ESD simulator. The second and third methods 
involve the use of special development tools that make the task of analyzing the 
application's copy protection code (such as the code used to encrypt and/or decrypt 
user data) significantly more difficult. Specifically, the second method involves 
using pseudocode to implement some or all of the application's copy protection 
functions. The pseudocode for a given function is generated (preferably in 
encrypted form) from actual code using a special development tool, and is then 
imbedded within the application together with a corresponding pseudocode 
interpreter. The interpreter fetches, decrypts and executes the pseudocode when the 
function is called. Because no disassemblers or other development tools exist for 
analyzing the pseudocode, the task of analyzing the copy protection functions 
becomes significantly more complex. The third method involves the use of a special 
obfuscation tool to convert the code for selected copy-protection functions into 
unnecessarily long, inefficient sequences of machine code. In one implementation of 
the obfuscation tool, the developer can control the quantity of code that is 
generated by specifying one or more control parameters. The three methods can also 
be used to protect software license management systems from security attacks. 
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ABSTRACT : 



A CPU is provided with an ability to modify its operation in accordance with an 
encryption key. When a program is compiled, the program is modified in order that 
execution may be performed with the CPU with its operation modified. As a result, 
it is unnecessary to decrypt the program into standard op codes prior to execution. 
The keyed program operation permits secure transfer of program data through open 
channels such as the Internet. A programmable instruction decoder programmable 
decodes encrypted instruction op codes, without decrypting them into standard op 
codes. Logic is used to accomplish network handshaking. The network handshaking 
further used to provide additional key information for continued operation the CPU. 
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US -CL- CURRENT: 726/22; 380/30, 705/52 
ABSTRACT : 

In one apparatus, a number of obfuscated programming instructions are equipped to 
self -verify whether execution of the obfuscated programming instructions is being 
observed. In another apparatus, a number of obfuscated programming instruction are 
equipped to determine whether the apparatus is being operated in a mode that 
supports single step execution of the obfuscated programming instructions. In yet 
another apparatus, a number of obfuscated programming instruction are equipped to 
verify whether an amount of elapsed execution time has exceeded a threshold. In yet 
another apparatus, a first and a second group of obfuscated programming instruction 
are provided to implement a first and a second tamper resistant technique 
respectively, with the first and the second group of programming instructions 
sharing a storage location for a first and a second key value corresponding to the 
first and the second tamper resistant technique. 

3 2 Claims, 9 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 9 
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TITLE: Tamper resistant methods and apparatus 

DATE- ISSUED: January 23, 2001 

INVENTOR- INFORMATION : 
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Graunke; Gary L. 

US -CL- CURRENT: 726/22; 713/194 
ABSTRACT : 

In one apparatus, a number of obfuscated programming instructions is provided to 
perform integrity verification on a number of other plain text programming 
instructions. In another apparatus, a number of obfuscated programming instructions 
is provided to self -verify an invocation of the obfuscated programming instructions 
is not originated from an intruder. 

19 Claims, 9 Drawing figures 
Exemplary Claim Number: 1 
Number of Drawing Sheets: 9 
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Portland 


OR 
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US -CL- CURRENT: 726/22; 713/190, 713/194 
ABSTRACT: 

In one apparatus, a group of plain text and obfuscated cells of programming 
instructions is provided to implement a descrambler that descrambles scrambled 
content to generate descrambled content. In another apparatus, a group of plain 
text and obfuscated cells of programming instructions is provided to implement an 
authenticator that provides appropriate authentication challenges to a scrambled 
content provider, and generates appropriate authentication responses to 
authentication challenges from the scrambled content provider. In yet another 
apparatus, a group of plain text and obfuscated cells of programming instructions 
is provided to implement an integrity verifier that performs integrity verification 
on a decoder. In yet another apparatus, a group of plain text and obfuscated cells 
of programming instructions is provided to implement a secrets holder that holds a 
number of secrets associated with playing scrambled contents. 

31 Claims, 9 Drawing figures 
Exemplary Claim Number: 12 
Number of Drawing Sheets: 9 
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ABSTRACT : 



A software-based computer security enhancing process and graphical software- 
authenticity method, and a method to apply aspects of the two are disclosed. The 
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process provides protection against certain attacks on executable software by 
persons or other software used on the computer. Software using this process is 
protected against eavesdropping (the monitoring of software, applications, the 
operating system, disks, keyboard, or other devices to record (steal) 
identification, authentication or sensitive data such as passwords, User- ID'S, 
credit -card numbers and expiry dates, bank account and PIN numbers, smart -card 
data, biometric information (for example: the data comprising a retina or 
fingerprint scan) , or encryption keys) , local and remote tampering (altering 
software to remove, disable, or compromise security features of the altered 
software) examination (viewing the executable program, usually with the intent of 
devising security attacks upon it) , tracing (observing the operating of an 
executable program step-by- step) , and spoofing (substituting counterfeit software 
to emulate the interface of authentic software in order to subvert security) by 
rogues (eg: Trojan Horses, Hackers, Viruses, Terminate -and- stay-resident programs, 
co-resident software, multi- threaded operating system processes, Worms, Spoof 
programs, key-press password capturers, macro recorders, sniffers, and other 
software or subversions) . Aspects include executable encryption, obf uscation, anti- 
tracing, anti-tamper & self -verification, runtime self -monitoring, and audiovisual 
authentication (math, encryption, and graphics based method permitting users to 
immediately recognise the authenticity and integrity of software) . FIG. 5 in the 
specification depicts the many components and their interaction. 
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ABSTRACT : 

A method for generating code for an object-oriented processor is disclosed. An 
instruction table is initialized to include a plurality of instructions for an 
object-oriented processor, each of the plurality of instructions having a set of 
operands and an operand type for each of the set of operands. In addition, a 
weighting table is initialized to include a set of the plurality of instructions 
and a weight for each of the set of the plurality of instructions, the weight 
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indicating frequency of generation for a particular instruction. A class hierarchy- 
is created, the class hierarchy having a plurality of classes stored in a tree data 
structure, each of the plurality of classes having a set of fields and a set of 
methods, each of the plurality of classes, each of the set of fields, and each of 
the set of methods having object-oriented properties. Within the class hierarchy, a 
set of objects is randomly generated for each of the plurality of classes. A method 
is selected from the sets of methods, and a set of instructions is generated for 
the selected method according to the instruction table and the weighting table 
using the class hierarchy. 
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ABSTRACT : 



An obfuscation device for use in cable television systems includes a memory for 
storing a plurality of channel status bits. The state of each channel status bit 
corresponds to the authorization or non-authorization of a particular channel. The 
obfuscation device includes a circuit for selecting a number representing a 
frequency and a circuit for generating an obfuscation signal that randomly varies 
about the selected frequency. The obfuscation device uses the selected number to 
address a location of the memory to fetch the channel status bits corresponding to 
the respective residences for the channel in which the selected obfuscation 
frequency lies. The fetched status bits are applied at random time in a 
predetermined gating period to gating circuits that enable the generated 
obfuscation signal to be superimposed randomly, with respect to timing, on the 
program signal of the channel in which the obfuscation frequency lies to obfuscate 
the television picture received by viewers of television sets in the residences not 
authorized to receive the channel in which the obfuscation frequency lies. 
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